Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" w

Posted felixzh

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" w相关的知识,希望对你有一定的参考价值。

SupportKB

Problem Description: 
When starting Ranger admin, it fails to start up with the following error:
  1. [I] Java patch PatchPasswordEncryption_J10001 is being applied by some other process

The Ranger Admin service fails to start even after completely removing Ranger service, dropping Ranger database and reinstalling Ranger:

  1. 2017-10-20 13:29:32,536 [JISQL] /usr/java/default/bin/java
  2. -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar:
  3. /usr/hdp/current/ranger-admin/jisql/lib/*
  4. org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql:
  5. //ost-cdc-asi-nam-c04-data.linux.abc.corp.abc.com/ranger_hdp -u
  6. ‘ranger-hdp‘ -p ‘********‘
  7. -noheader -trim -c \; -query "delete from x_db_version_h where version=‘J10001‘ and
  8. active=‘N‘ and updated_by=‘test.support.com‘;"
  9. SQLException : SQL state: HY000 java.sql.SQLException: null, message from server:
  10. "Host ‘10.0.0.1‘ is blocked because of many connection errors; unblock with
  11. ‘mysqladmin flush-hosts‘" ErrorCode: 1129
  12. 2017-10-20 13:29:32,838 [E] applying java patch PatchPasswordEncryption_J10001 failed

Cause: 
This issue occurs on latest versions of CentOS/RHEL releases (for example CentOS/RHEL 6.7 or later, and CentOS/RHEL 7), where "Encrypted Connections" (SSL) feature is enabled by default in MySQL. If the database client (Ranger in this case) is not configured to use SSL, the connection will fail and the following is displayedin the log as well:
  1. WARN: Establishing SSL connection without server‘s identity verification is not recommended.
  2. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default
  3. if explicit option isn‘t set.
  4. For compliance with existing applications not using SSL the verifyServerCertificate property
  5. is set to ‘false‘.
  6. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

The database client will keep connecting until it reaches the limit of MySQL‘s crude anti-cybercriminal feature. If MySQL‘s crude anti-cybercriminal feature has been activated, when a database client has tried and failed to connect MySQL for many times (by default, 100) the MySQL concludes that the machine is compromised and refuses to accept any more connections from it. That‘s when Ranger admin fails with the "blocked because of many connection error".
Solution:
To resolve this issue, disable the Encrypted Connections (SSL) feature in MySQL by adding skip_ssl in my.cnf and restart mysqld service:

  1. Log in to MySQL and query:
    1. mysql> SHOW VARIABLES LIKE ‘%ssl%‘;
  2. The following should be like the following, which suggests the SSL is enabled in MySQL:
    1. +---------------+-----------------+ | Variable_name | Value |
    2. "+---------------+-----------------+ | have_openssl | YES | |
    3. have_ssl | YES | | ssl_ca | ca.pem | | ssl_capath | | | ssl_cert |
    4. server-cert.pem | | ssl_cipher | | | ssl_crl | | | ssl_crlpath | | |
    5. ssl_key | server-key.pem | +---------------+-----------------+ 9 rows in set (0.00 sec)
  3. Edit my.cnf file to add skip_ssl:
    1. [mysqld]
    2. ...
    3.  
    4. skip_ssl
    5. # disable_ssl
    6.  
    7. ...
  4. Restart MySQL service:
    1. service mysql restart
  5. Re-log in to MySQL and run the same query. Ensure SSL is disabled:
    1. +---------------+----------+
    2. | Variable_name | Value |
    3. +---------------+----------+
    4. | have_openssl | DISABLED |
    5. | have_ssl | DISABLED |
    6. | ssl_ca | |
    7. | ssl_capath | |
    8. | ssl_cert | |
    9. | ssl_cipher | |
    10. | ssl_crl | |
    11. | ssl_crlpath | |
    12. | ssl_key | |
    13. +---------------+----------+
    14. 9 rows in set (0.00 sec)
  6. Restart Ranger admin service.



About:
This article created by Hortonworks Support (Article: 000006653) on 2017-11-03 14:00
OS: n/a
Type: n/a
Version: n/a

Support ID: 000006653

以上是关于Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" w的主要内容,如果未能解决你的问题,请参考以下文章

yocto编译时报错"fontconfig-2.12.1/src/fcmatch.c:324:63: error: ‘PRI_CHAR_WIDTH_STRONG' undeclar

yocto编译时报错"fontconfig-2.12.1/src/fcmatch.c:324:63: error: ‘PRI_CHAR_WIDTH_STRONG' undeclar

从 JAVA Spring 创建对 Firebase 的 HTTP.PATCH 请求

The superclass "javax.servlet.http.HttpServlet" was not found on the Java Build Pa

maven The superclass "javax.servlet.http.HttpServlet" was not found on the Java Build Pa

PATCH 方法和 CORS 预检请求存在问题